Описание
Anevia Flamingo XL/XS 3.6.20 contains a critical vulnerability with weak default administrative credentials that can be easily guessed. Attackers can leverage these hard-coded credentials to gain full remote system control without complex authentication mechanisms.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Product
- Third Party Advisory
- Third Party AdvisoryExploit
- Third Party AdvisoryExploit
Уязвимые конфигурации
Конфигурация 1
Одновременно
Одно из
cpe:2.3:o:ateme:flamingo_xl_firmware:3.2.9:*:*:*:*:*:*:*
cpe:2.3:o:ateme:flamingo_xl_firmware:3.6.20:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:ateme:flamingo_xl:1.0:*:*:*:*:*:*:*
cpe:2.3:h:ateme:flamingo_xl:1.1:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
Одно из
cpe:2.3:o:ateme:flamingo_xs_firmware:3.2.9:*:*:*:*:*:*:*
cpe:2.3:o:ateme:flamingo_xs_firmware:3.6.20:*:*:*:*:*:*:*
Одно из
cpe:2.3:h:ateme:flamingo_xs:1.0:*:*:*:*:*:*:*
cpe:2.3:h:ateme:flamingo_xs:1.1:*:*:*:*:*:*:*
Конфигурация 3
Одно из
cpe:2.3:a:ateme:soaplive:2.0.3:*:*:*:*:*:*:*
cpe:2.3:a:ateme:soaplive:2.4.1:*:*:*:*:*:*:*
cpe:2.3:a:ateme:soapsystem:1.3.1:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.00288
Низкий
7.5 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-798
Связанные уязвимости
CVSS3: 7.5
github
около 1 месяца назад
Anevia Flamingo XL/XS 3.6.20 contains a critical vulnerability with weak default administrative credentials that can be easily guessed. Attackers can leverage these hard-coded credentials to gain full remote system control without complex authentication mechanisms.
EPSS
Процентиль: 52%
0.00288
Низкий
7.5 High
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-798